CVE-2023-0837

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/	Vendor Advisory
https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:teamviewer:remote:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Nov 2024, 07:37

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 6.6
References	~~() https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ - Vendor Advisory~~	() https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ - Vendor Advisory

22 Jun 2023, 19:37

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:teamviewer:remote::::::::
CWE		NVD-CWE-Other
References	~~(MISC) https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ -~~	(MISC) https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/ - Vendor Advisory
First Time		Apple Microsoft windows Teamviewer remote Teamviewer Microsoft Apple macos

14 Jun 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-14 08:15

Updated : 2024-11-21 07:37

NVD link : CVE-2023-0837

Mitre link : CVE-2023-0837

CVE.ORG link : CVE-2023-0837

JSON object : View

Products Affected

teamviewer

remote

apple

macos

microsoft

windows

CWE

CWE-285

Improper Authorization

NVD-CWE-Other

{"id": "CVE-2023-0837", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@teamviewer.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-06-14T08:15:08.703", "references": [{"url": "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/", "tags": ["Vendor Advisory"], "source": "psirt@teamviewer.com"}, {"url": "https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2023-1001/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@teamviewer.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration."}, {"lang": "es", "value": "Una comprobaci\u00f3n de autorizaci\u00f3n incorrecta de la configuraci\u00f3n del dispositivo local en TeamViewer Remote entre las versiones 15.41 y 15.42.7 para Windows y macOS permite a un usuario sin privilegios cambiar la configuraci\u00f3n b\u00e1sica del dispositivo local aunque las opciones estuvieran bloqueadas. Esto puede dar lugar a cambios no deseados en la configuraci\u00f3n. "}], "lastModified": "2024-11-21T07:37:55.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teamviewer:remote:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF5ED51-6BF4-42CC-847E-9164BBF86F60", "versionEndExcluding": "15.42.8", "versionStartIncluding": "15.41"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@teamviewer.com"}